The latest EC-Council Certified Ethical Hacker CEH v10 312-50 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the EC-Council Certified Ethical Hacker CEH v10 312-50 exam and earn EC-Council Certified Ethical Hacker CEH v10 312-50 certification.
Exam Question 131
A well-intentioned researcher discovers a vulnerability on the web site of a major corporation. What should he do?
A. Try to sell the information to a well-paying party on the dark web.
B. Exploit the vulnerability without harming the web site owner so that attention be drawn to the problem.
C. Ignore it.
D. Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.
Correct Answer:
D. Notify the web site owner so that corrective action be taken as soon as possible to patch the vulnerability.
Exam Question 132
Trinity needs to scan all hosts on a /16 network for TCP port 445 only. What is the fastest way she can accomplish this with Nmap? Stealth is not a concern.
A. nmap –p 445 –n –T4 –open 10.1.0.0/16
B. nmap –p 445 –max –Pn 10.1.0.0/16
C. nmap –sn –sF 10.1.0.0/16 445
D. nmap –s 445 –sU –T5 10.1.0.0/16
Correct Answer:
A. nmap –p 445 –n –T4 –open 10.1.0.0/16
Exam Question 133
It is a short-range wireless communication technology intended to replace the cables connecting portable of fixed devices while maintaining high levels of security. It allows mobile phones, computers and other devices to connect and communicate using a short-range wireless connection. Which of the following terms best matches the definition?
A. Bluetooth
B. WLAN
C. InfraRed
D. Radio-Frequency identification
Correct Answer:
A. Bluetooth
Exam Question 134
Which of the following can the administrator do to verify that a tape backup can be recovered in its entirety?
A. Read the first 512 bytes of the tape
B. Perform a full restore
C. Read the last 512 bytes of the tape
D. Restore a random file
Correct Answer:
B. Perform a full restore
Exam Question 135
A company’s security policy states that all Web browsers must automatically delete their HTTP browser cookies upon terminating. What sort of security breach is this policy attempting to mitigate?
A. Attempts by attackers to access the user and password information stored in the company’s SQL database.
B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.
C. Attempts by attackers to access password stored on the user’s computer without the user’s knowledge.
D. Attempts by attackers to determine the user’s Web browser usage patterns, including when sites were visited and for how long.
Correct Answer:
B. Attempts by attackers to access Web sites that trust the Web browser user by stealing the user’s authentication credentials.
Exam Question 136
To maintain compliance with regulatory requirements, a security audit of the systems on a network must be performed to determine their compliance with security policies. Which one of the following tools would most likely be used in such an audit?
A. Protocol analyzer
B. Intrusion Detection System
C. Port scanner
D. Vulnerability scanner
Correct Answer:
D. Vulnerability scanner
Exam Question 137
Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?
A. Reconnaissance
B. Escalation
C. Scanning
D. Enumeration
Correct Answer:
A. Reconnaissance
Exam Question 138
A medium-sized healthcare IT business decides to implement a risk management strategy. Which of the following is NOT one of the five basic responses to risk?
A. Accept
B. Delegate
C. Mitigate
D. Avoid
Correct Answer:
B. Delegate
Exam Question 139
OpenSSL on Linux servers includes a command line tool for testing TLS. What is the name of the tool and the correct syntax to connect to a web server?
A. openssl s_client –site www.website.com:443
B. openssl_client –site www.website.com:443
C. openssl_client –connect www.website.com:443
D. openssl s_client –connect www.website.com:443
Correct Answer:
D. openssl s_client –connect www.website.com:443
Exam Question 140
Which of the following is one of the most effective ways to prevent Cross-site Scripting (XSS) flaws in software applications?
A. Use security policies and procedures to define and implement proper security settings.
B. Use digital certificates to authenticate a server prior to sending data.
C. Validate and escape all information sent to a server.
D. Verify access right before allowing access to protected information and UI controls.
Correct Answer:
C. Validate and escape all information sent to a server.